Napolitano wants NSA-like hiring authority for DHS cyber workforce

Federal News Radio executive editor Jason Miller on The Federal Drive

The Homeland Security Department increased its cyber workforce by 600 percent over
the last few years, but it still has a ways to go.

Secretary Janet Napolitano said today DHS and the rest of government have been
moving at 80 mph over the last few years and need to move at 120 mph to deal with
the ever-increasing cyber threat.

"We have great and fabulous people, and they attract fabulous people like them,"
Napolitano said during a discussion in Washington sponsored by Washington Post
Live. "We are in the midst of hiring. We need cyber folks, analysts, IT
specialists and people who are familiar with code and coding."

Current hiring not enough to fill gap

She said DHS is bringing in about 600 new cyber workers but probably needs many
more.

DHS needs help and new authorities to hire more quickly and be more competitive
with the private sector. She said that is one of the most important, but least
focused on, parts of the Senate's comprehensive cyber bill.

The version authored by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine)
and Jay Rockefeller (D-W.Va.) calls for the National Cybersecurity and
Communications Integration Center (NCCIC) to receive the same hiring authorities
that the National Security Agency uses to recruit and retain critical employees.

The bill allows the DHS secretary to establish
positions in the excepted service, make direct appointments, set rates of basic
pay and provide additional compensation, benefits, incentives and allowances.

"The section also authorizes the Secretary to exercise, with respect to
cybersecurity employees, the same authorities as the Secretary of Defense to
establish a scholarship program to enable employees to pursue an associate,
baccalaureate, or advanced degree, or a certification in an information assurance
discipline," the bill states. "The section requires the Secretary to report to
Congress annually on the process used to hire individuals for cybersecurity
positions and how the Secretary plans to fill the critical need of DHS to recruit
and retain skilled cybersecurity employees."

Napolitano said these changes can only be done by Congress and are critical to
giving DHS access to hire the expertise needed to protect federal networks and
help critical infrastructure providers secure their systems.

New fellows program underway

She said DHS also is taking steps on its own to address recruitment.

"We just created and announced the Secretarial Honors Program," she said. "It is
scoped to bring in about 50 people. They will be selected on a competitive basis
and some will be in the cyber arena."

In the cyber fellows program, DHS is looking for recent college graduates to enter
a two-year program to develop technical skills.

"Through rotational assignments, participants see how each DHS Component agency
collaborates on cyber-related issues and works first-hand on critical issues or
incidents in a fast-paced, growing environment," DHS stated on its website.
"Candidates are encouraged to participate in the Cybersecurity Internship Program
prior to applying for the Honors Program."

A recent report by the Homeland Security Advisory Council's Task Force on
Cyberskills recommended that DHS hire 600 expertly skilled
cyber workers. This was one of several recommendations made by the task force to
increase the number and skills of the agency's cyber workforce.

She said when there is an attack or when a cyber vulnerability is discovered, DHS
is the hub for information sharing with the private sector and for protecting
federal civilian unclassified networks.

"There are three key players: us, the FBI and the NSA," she said. "A call to us
is a call to all of us. We are so closely interlinked. We have people from each
organization on each other's [security operations center] floors. As we go through
an event, we make decisions together on who takes the lead. If it's a criminal
event, the FBI is in charge. If it's a systems protection vulnerability that needs
to be explored or if information needs to be shared to broader world, that's the
role we play."

Napolitano said she doesn't worry about who's in charge. She said she meets
regularly with FBI Director Robert Mueller and cyber is a common topic of
discussion.

She said a recent example of this coordination is the denial-of-
service attacks against the financial sector.